Question

How do user privileges work in MySQL? Does each user of a social networking website have a unique user privilege in order to connect to the db, or do all users use the same privilege, such as:

$dsn = 'mysql:host=localhost;dbname=social_site';
$username = 'members';
$password = 'pa55word'; 

Solution

No, generally speaking there will be one (or a small number) of MySQL users, and the PHP script (or other server-side code) will use this one user to do all of the fetching and setting of data. In some scenarios it is helpful to create a handful of MySQL users with various permission levels, as an added level of security (so general select queries are run using a user with only select privileges and inserts and updates are handled by a separate user with those privileges). If you allow remote computers to access the MySQL database directly (for partner websites or applications) it's also common to create a specific MySQL user for that connection with permissions limited to only what they need (no drop or modify permissions, for instance) and limited exclusively to their IP address (you can limit a MySQL user to connections from only a single address).

The bottom line is that you should only generally create a few users, and your website/application will use only this small pool of users to do all of the querying. Furthermore, it's good practice to access the database with a user that has the fewest permissions possible to accomplish the tasks (within reason... don't create a separate user for every possible action... usually 1-3 users should cover all permission levels you'd want). If you create a huge number of users you'll (a) slow down MySQL, as it has to access a larger permissions table; (b) it will be much harder to manage permissions if the application changes down the road; and (c) it's more of a pain to debug permissions issues (your PHP script has more flexibility in what to do and report if there is a permissions issue).
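
The account layout described in the answer above, written out as MySQL statements. This is an added example, not part of the original answer; the account names, the placeholder passwords, the `public_profiles` table and the address 203.0.113.10 (a documentation-range IP) are all assumptions, and only the `social_site` database name comes from the question.

```sql
-- Added example: a small pool of least-privilege application accounts.
-- All names, passwords and the partner IP below are hypothetical placeholders.

-- 1. Read-only account for general SELECT queries from the web server.
CREATE USER 'site_ro'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_1';
GRANT SELECT ON social_site.* TO 'site_ro'@'localhost';

-- 2. Write account for inserts and updates. SELECT is included because
--    UPDATE ... WHERE needs to read the columns named in the WHERE clause.
--    No DROP, ALTER, CREATE or GRANT OPTION.
CREATE USER 'site_rw'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_2';
GRANT SELECT, INSERT, UPDATE ON social_site.* TO 'site_rw'@'localhost';

-- 3. Partner account: accepted only from one address, and only allowed
--    to read the single table the partner needs (table name is assumed).
CREATE USER 'partner_api'@'203.0.113.10' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_3';
GRANT SELECT ON social_site.public_profiles TO 'partner_api'@'203.0.113.10';

-- Review what each account can actually do.
SHOW GRANTS FOR 'site_ro'@'localhost';
SHOW GRANTS FOR 'site_rw'@'localhost';
SHOW GRANTS FOR 'partner_api'@'203.0.113.10';

-- Audit check: list application accounts that accept connections from
-- any host ('%'), which defeats the per-address restriction above.
SELECT user, host
FROM mysql.user
WHERE user IN ('site_ro', 'site_rw', 'partner_api')
  AND host = '%';
```

The PHP code would then pick the `site_ro` or `site_rw` credentials for its PDO connection depending on whether the request only reads or also writes.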

OTHER TIPS

Normally you have one database connection and store each user's account in a "Users" table with corresponding usernames and passwords.

Licensed under: CC-BY-SA with attribution